IndieDeveloper

Bypass BAN C++ Func AW TU7

Apr 18th, 2016
  1. Entry Point: 0x84E73552
  2. //Structure Mapped by Bitwise
  3. //Updated and modified by Mario
     // The paste author's description of the 0x3A-byte anti-cheat challenge response.
     // The offset ranges in the trailing comments are the author's claimed layout.
     // NOTE(review): nothing visible here (no packing directive, no size assertion) ties the
     // declared types to those offsets, so treat the ranges as unverified.
     // "(Randomize)" marks fields the author fills with fabricated values rather than the
     // console's real identifiers; the other parenthesised constants and expressions are the
     // values the hook further down writes into each field.
  4. typedef struct _ACStruct{
  5. BYTE OnlineIP[4]; //0x00-0x04 (Randomize)
  6. QWORD MachineId; //0x04-0x0C (Randomize)
  7. BYTE Enet; //0x0C-0x12 (Randomize)
  8. SHORT Padding1; //0x12-0x14 (0x0000)
  9. FLOAT fUnknown[2]; //0x14-0x1C (fUnknown[0] = *(float*)(0x849F6630); fUnknown[1] = *(float*)(0x849F6634);)
  10. SHORT sUnknown; //0x1C-0x1E (sUnknown = ((*(int*)0x8466D5DC) >> 10);)
  11. BYTE RetailFlag; //0x1E-0x1F (0x3)
  12. CHAR ConsoleSerial[0xC]; //0x1F-0x2B (Randomize)
  13. CHAR Padding2; //0x2B-0x2C (0x00)
  14. CHAR ConsoleId[0xC]; //0x2C-0x38 (Randomize)
  15. SHORT KernalVersion; //0x38-0x3A (0x42FE)
  16. } ACStruct, *PAW_RESP;
  17.  
  18. Unknown Short Details:
  19. .text:822EA174 lis r9, ((dword_84639700+0x10000)@h) # start
  20. .text:822EA178 lis r8, 3 # 0x33EDC # r8 = 0x30000 (upper half of the 0x33EDC offset)
  21. .text:822EA17C addi r7, r9, -0x6900 # dword_84639700 # r7 = 0x84639700
  22. .text:822EA180 ori r6, r8, 0x3EDC # 0x33EDC # r6 = 0x33EDC
  23. .text:822EA184 li r5, 2
  24. .text:822EA188 addi r4, r1, 0x160+var_100
  25. .text:822EA18C addi r3, r1, 0x160+var_F0
  26. .text:822EA190 lwzx r11, r7, r6 # r11 = 32-bit word loaded from address 0x8466D5DC (0x84639700(r7) + 0x33EDC(r6))
  27. .text:822EA194 srwi r10, r11, 10 # r10 = loaded word >> 10 (logical shift)
  28. .text:822EA198 sth r10, 0x60(r1) # low 16 bits of r10 stored at r1+0x60, which the author identifies as Response + 0x1C
  29.  
  30. So the unknown short is the 32-bit word stored at 0x8466D5DC, shifted right by 10 (the same expression as sUnknown in the struct comments).
  31.  
  32. Unknown Float Details:
  33. Same exact thing as the unknown short, just reverse a few lines.
  34. So the two unknown floats are the values stored at 0x849F6630 and 0x849F6634.
  35.  
  36. //TU7 Anticheat Functions
  37. Anticheat_answerChallenges: 0x821E3EE8
  38. Anticheat_buildChallenges: 0x822EA018
  39.  
  40. //SaveStub
      // Placeholder body: seven nops followed by blr (return). This function is passed as the
      // second argument to HookFunctionStart at the bottom of the paste.
      // NOTE(review): presumably the installer overwrites the nops with the hooked function's
      // displaced opening instructions plus a branch back, so the instruction count is
      // significant. HookFunctionStart is not shown, so confirm there.
      // As written, before any patching, the body only executes nops and returns.
  41. inline __declspec() int answerChallenges(int r3, int r4, int r5)
  42. {
  43. __asm
  44. {
  45. nop
  46. nop
  47. nop
  48. nop
  49. nop
  50. nop
  51. nop
  52. blr
  53. }
  54. }
  55.  
  56. //answerChallenges Hook
  57. //Hook with HookFunctionStart
  58. //Hook made by Mario
      // Installed over the address the paste lists as Anticheat_answerChallenges (0x821E3EE8).
      // Builds a 0x3A-byte ACStruct, writes it at StructPointer + 0x22, then forwards the three
      // original arguments to the answerChallenges save stub and returns that call's result.
      //   Unknown, Anticheat - passed through unchanged to the save stub.
      //   StructPointer      - integer used as a raw address; the response goes at +0x22.
      // IPAddress, MachineId, Enet, ConsoleSerial and ConsoleIndex are read here but are not
      // defined anywhere in this paste.
      // NOTE(review): every identifying field in this response is chosen by code running on the
      // client, and RetailFlag / KernalVersion are fixed literals. A verifier that accepts this
      // buffer without cross-checking it against independently authenticated session data has
      // nothing to tell a fabricated response from a genuine one. Constant or mutually
      // inconsistent field values are the observable signal.
  59. DWORD AWBypassHook(int Unknown, int Anticheat, int StructPointer)
  60. {
  61. //Define Variables
  62. short shUnknown; float flUnknown[2];
  63.  
  64. //Allocate Buffer (0x3A bytes; the result is used below without a NULL check)
  65. ACStruct* Response = (ACStruct*)malloc(0x3A);
  66.  
  67. //Null Buffer in Memory: zero the same 0x3A-byte span at StructPointer + 0x22 that is overwritten below
  68. memset((void*)(StructPointer + 0x22), 0, 0x3A);
  69.  
  70. //Get Data From Memory: read the live values from the hard-coded addresses named in the struct comments
  71. shUnknown = ((*(int*)0x8466D5DC) >> 10);
  72. flUnknown[0] = *(float*)(0x849F6630);
  73. flUnknown[1] = *(float*)(0x849F6634);
  74.  
  75. //Build Response Buffer: identifier fields come from the external variables, the rest are literals or the values read above
  76. memcpy(&Response->OnlineIP, IPAddress, 4);
  77. memcpy(&Response->MachineId, MachineId, 8);
  78. memcpy(&Response->Enet, Enet, 6);
  79. Response->Padding1 = 0x0000;
  80. memcpy(&Response->fUnknown, flUnknown, 8);
  81. Response->sUnknown = shUnknown;
  82. Response->RetailFlag = 0x03;
  83. memcpy(&Response->ConsoleSerial, ConsoleSerial, 12);
  84. Response->Padding2 = 0x00;
  85. memcpy(&Response->ConsoleId, ConsoleIndex, 12);
  86. Response->KernalVersion = 0x42FE;
  87.  
  88. //Store Response: copy the assembled 0x3A bytes over the region zeroed above
  89. memcpy((void*)(StructPointer + 0x22), Response, 0x3A);
  90.  
  91. //Notify Client: on-screen notification via XNotify (not defined in this paste)
  92. XNotify(L"Challenge Spoofed!");
  93.  
  94. //Free Allocated Memory
  95. free(Response);
  96.  
  97. //Return SaveStub: hand the original arguments to the save stub and return its result
  98. return answerChallenges(Unknown, Anticheat, StructPointer);
  99. }
  100.  
  101. //Call
       // Installs the hook. The arguments are 0x821E3EE8 (listed earlier as
       // Anticheat_answerChallenges), the answerChallenges save stub, and AWBypassHook.
       // NOTE(review): presumably (target, save stub, replacement); HookFunctionStart is not
       // shown in this paste, so confirm the parameter order against its definition.
  102. HookFunctionStart((PDWORD)0x821E3EE8, (PDWORD)answerChallenges, (DWORD)AWBypassHook);